Action not permitted
Modal body text goes here.
cve-2013-6440
Vulnerability from cvelistv5
Published
2014-02-14 15:00
Modified
2024-08-06 17:39
Severity ?
EPSS score ?
Summary
The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:39:01.299Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2014:0170", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0170.html" }, { "name": "RHSA-2014:0195", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0195.html" }, { "name": "RHSA-2014:0172", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0172.html" }, { "name": "RHSA-2014:0171", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0171.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://shibboleth.net/community/advisories/secadv_20131213.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043332" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-12-13T00:00:00", "descriptions": [ { "lang": "en", "value": "The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-07T14:39:58", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2014:0170", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0170.html" }, { "name": "RHSA-2014:0195", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0195.html" }, { "name": "RHSA-2014:0172", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0172.html" }, { "name": "RHSA-2014:0171", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0171.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://shibboleth.net/community/advisories/secadv_20131213.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043332" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6440", "datePublished": "2014-02-14T15:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:39:01.299Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2013-6440\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2014-02-14T15:55:05.110\",\"lastModified\":\"2022-02-07T16:15:12.003\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.\"},{\"lang\":\"es\",\"value\":\"(1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter y (4) SAML Decrypter en Shibboleth OpenSAML-Java anterior a 2.6.1 establece la propiedad expandEntityReferences como \\\"true\\\", lo que permite a atacantes remotos realizar ataques de entidad externa XML (XXE) a trav\u00e9s de una declaraci\u00f3n XML DOCTYPE manipulada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:internet2:opensaml:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"258372E2-533F-46CB-B25A-5ECB3CC2F22F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:internet2:opensaml:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1122AD73-8FDD-4387-A237-B493CE0D547E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:internet2:opensaml:2.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0192C838-FD63-4CF7-9BF0-9BAFF101C612\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:shibboleth:opensaml:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.6.0\",\"matchCriteriaId\":\"730A8F99-C276-4B6A-B13D-6695EB0E7DAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:shibboleth:opensaml:2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"326C4DAA-C2FE-431E-82AE-5260484EBDC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:shibboleth:opensaml:2.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68F5A4FF-96ED-41CD-A83F-3810B9036037\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:shibboleth:opensaml:2.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71772B98-345F-42E0-BBAC-309E24D887B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:shibboleth:opensaml:2.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E61FCA3-83FB-4D2A-8AEC-8F5050B46505\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:shibboleth:opensaml:2.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7CD6A0B-B78E-4D3C-81E4-27B8E4430F78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:shibboleth:opensaml:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB9C8839-4531-4E4B-8301-03F0C62A2C99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:shibboleth:opensaml:2.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E53CF78E-901B-4EEC-8D2C-473A4D229548\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:shibboleth:opensaml:2.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A61EE41-DB34-4EE0-8CF3-C1F5E6450B85\"}]}]}],\"references\":[{\"url\":\"http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0170.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0171.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0172.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0195.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://shibboleth.net/community/advisories/secadv_20131213.txt\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1043332\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"secalert@redhat.com\"}]}}" } }
ghsa-v723-58jv-2qc4
Vulnerability from github
Published
2022-05-13 01:04
Modified
2022-07-07 23:18
Summary
Exposure of Sensitive Information to an Unauthorized Actor in OpenSAML
Details
The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "org.opensaml:opensaml" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.6.1" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2013-6440" ], "database_specific": { "cwe_ids": [ "CWE-200" ], "github_reviewed": true, "github_reviewed_at": "2022-07-07T23:18:33Z", "nvd_published_at": "2014-02-14T15:55:00Z", "severity": "MODERATE" }, "details": "The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.", "id": "GHSA-v723-58jv-2qc4", "modified": "2022-07-07T23:18:33Z", "published": "2022-05-13T01:04:00Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6440" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043332" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "type": "WEB", "url": "http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2014-0170.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2014-0171.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2014-0172.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2014-0195.html" }, { "type": "WEB", "url": "http://shibboleth.net/community/advisories/secadv_20131213.txt" } ], "schema_version": "1.4.0", "severity": [], "summary": "Exposure of Sensitive Information to an Unauthorized Actor in OpenSAML" }
rhsa-2014_1290
Vulnerability from csaf_redhat
Published
2014-09-23 20:19
Modified
2024-11-05 18:35
Summary
Red Hat Security Advisory: Red Hat JBoss BRMS 6.0.3 update
Notes
Topic
Red Hat JBoss BRMS 6.0.3, which fixes multiple security issues, several
bugs, and adds various enhancements, is now available from the Red Hat
Customer Portal.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
Red Hat JBoss BRMS is a business rules management system for the
management, storage, creation, modification, and deployment of JBoss Rules.
This release of Red Hat JBoss BRMS 6.0.3 serves as a replacement for Red
Hat JBoss BRMS 6.0.2, and includes bug fixes and enhancements. Refer to the
Red Hat JBoss BRMS 6.0.3 Release Notes for information on the most
significant of these changes. The Release Notes are available at
https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_BRMS/
The following security issues are fixed with this release:
It was found that the secure processing feature of Xalan-Java had
insufficient restrictions defined for certain properties and features.
A remote attacker able to provide Extensible Stylesheet Language
Transformations (XSLT) content to be processed by an application using
Xalan-Java could use this flaw to bypass the intended constraints of the
secure processing feature. Depending on the components available in the
classpath, this could lead to arbitrary remote code execution in the
context of the application server running the application that uses
Xalan-Java. (CVE-2014-0107)
It was found that the ParserPool and Decrypter classes in the OpenSAML
Java implementation resolved external entities, permitting XML External
Entity (XXE) attacks. A remote attacker could use this flaw to read files
accessible to the user running the application server, and potentially
perform other more advanced XXE attacks. (CVE-2013-6440)
It was found that Java Security Manager permissions configured via a policy
file were not properly applied, causing all deployed applications to be
granted the java.security.AllPermission permission. In certain cases, an
attacker could use this flaw to circumvent expected security measures to
perform actions which would otherwise be restricted. (CVE-2014-0093)
The HawtJNI Library class wrote native libraries to a predictable file name
in /tmp/ when the native libraries were bundled in a JAR file, and no
custom library path was specified. A local attacker could overwrite these
native libraries with malicious versions during the window between when
HawtJNI writes them and when they are executed. (CVE-2013-2035)
In Red Hat JBoss Enterprise Application Platform, when running under a
security manager, it was possible for deployed code to get access to the
Modular Service Container (MSC) service registry without any permission
checks. This could allow malicious deployments to modify the internal state
of the server in various ways. (CVE-2014-0018)
It was found that the security audit functionality logged request
parameters in plain text. This may have caused passwords to be included in
the audit log files when using BASIC or FORM-based authentication. A local
attacker with access to audit log files could possibly use this flaw to
obtain application or server authentication credentials. (CVE-2014-0058)
The CVE-2013-6440 issue was discovered by David Illsley, Ron Gutierrez of
Gotham Digital Science, and David Jorm of Red Hat Product Security; the
CVE-2014-0093 issue was discovered by Josef Cacek of the Red Hat JBoss EAP
Quality Engineering team; the CVE-2013-2035 issue was discovered by Florian
Weimer of Red Hat Product Security; and the CVE-2014-0018 issue was
discovered by Stuart Douglas of Red Hat.
All users of Red Hat JBoss BRMS 6.0.2 as provided from the Red Hat Customer
Portal are advised to upgrade to Red Hat JBoss BRMS 6.0.3.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat JBoss BRMS 6.0.3, which fixes multiple security issues, several\nbugs, and adds various enhancements, is now available from the Red Hat\nCustomer Portal.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss BRMS is a business rules management system for the\nmanagement, storage, creation, modification, and deployment of JBoss Rules.\n\nThis release of Red Hat JBoss BRMS 6.0.3 serves as a replacement for Red\nHat JBoss BRMS 6.0.2, and includes bug fixes and enhancements. Refer to the\nRed Hat JBoss BRMS 6.0.3 Release Notes for information on the most\nsignificant of these changes. The Release Notes are available at\nhttps://access.redhat.com/documentation/en-US/Red_Hat_JBoss_BRMS/\n\nThe following security issues are fixed with this release:\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of the\nsecure processing feature. Depending on the components available in the\nclasspath, this could lead to arbitrary remote code execution in the\ncontext of the application server running the application that uses\nXalan-Java. (CVE-2014-0107)\n\nIt was found that the ParserPool and Decrypter classes in the OpenSAML\nJava implementation resolved external entities, permitting XML External\nEntity (XXE) attacks. A remote attacker could use this flaw to read files\naccessible to the user running the application server, and potentially\nperform other more advanced XXE attacks. (CVE-2013-6440)\n\nIt was found that Java Security Manager permissions configured via a policy\nfile were not properly applied, causing all deployed applications to be\ngranted the java.security.AllPermission permission. In certain cases, an\nattacker could use this flaw to circumvent expected security measures to\nperform actions which would otherwise be restricted. (CVE-2014-0093)\n\nThe HawtJNI Library class wrote native libraries to a predictable file name\nin /tmp/ when the native libraries were bundled in a JAR file, and no\ncustom library path was specified. A local attacker could overwrite these\nnative libraries with malicious versions during the window between when\nHawtJNI writes them and when they are executed. (CVE-2013-2035)\n\nIn Red Hat JBoss Enterprise Application Platform, when running under a\nsecurity manager, it was possible for deployed code to get access to the\nModular Service Container (MSC) service registry without any permission\nchecks. This could allow malicious deployments to modify the internal state\nof the server in various ways. (CVE-2014-0018)\n\nIt was found that the security audit functionality logged request\nparameters in plain text. This may have caused passwords to be included in\nthe audit log files when using BASIC or FORM-based authentication. A local\nattacker with access to audit log files could possibly use this flaw to\nobtain application or server authentication credentials. (CVE-2014-0058)\n\nThe CVE-2013-6440 issue was discovered by David Illsley, Ron Gutierrez of\nGotham Digital Science, and David Jorm of Red Hat Product Security; the\nCVE-2014-0093 issue was discovered by Josef Cacek of the Red Hat JBoss EAP\nQuality Engineering team; the CVE-2013-2035 issue was discovered by Florian\nWeimer of Red Hat Product Security; and the CVE-2014-0018 issue was\ndiscovered by Stuart Douglas of Red Hat.\n\nAll users of Red Hat JBoss BRMS 6.0.2 as provided from the Red Hat Customer\nPortal are advised to upgrade to Red Hat JBoss BRMS 6.0.3.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2014:1290", "url": "https://access.redhat.com/errata/RHSA-2014:1290" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=brms\u0026downloadType=distributions\u0026version=6.0.3", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=brms\u0026downloadType=distributions\u0026version=6.0.3" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_BRMS/", "url": "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_BRMS/" }, { "category": "external", "summary": "958618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958618" }, { "category": "external", "summary": "1043332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043332" }, { "category": "external", "summary": "1052783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052783" }, { "category": "external", "summary": "1063641", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063641" }, { "category": "external", "summary": "1070046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1070046" }, { "category": "external", "summary": "1080248", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1080248" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_1290.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss BRMS 6.0.3 update", "tracking": { "current_release_date": "2024-11-05T18:35:53+00:00", "generator": { "date": "2024-11-05T18:35:53+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2014:1290", "initial_release_date": "2014-09-23T20:19:55+00:00", "revision_history": [ { "date": "2014-09-23T20:19:55+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-02-20T12:33:47+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T18:35:53+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss BRMS 6.0", "product": { "name": "Red Hat JBoss BRMS 6.0", "product_id": "Red Hat JBoss BRMS 6.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_brms:6.0" } } } ], "category": "product_family", "name": "Red Hat Decision Manager" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Florian Weimer" ], "organization": "Red Hat Product Security Team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2013-2035", "cwe": { "id": "CWE-377", "name": "Insecure Temporary File" }, "discovery_date": "2013-04-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "958618" } ], "notes": [ { "category": "description", "text": "The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed.", "title": "Vulnerability description" }, { "category": "summary", "text": "HawtJNI: predictable temporary file name leading to local arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss BRMS 6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2035" }, { "category": "external", "summary": "RHBZ#958618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958618" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2035", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2035" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2035", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2035" } ], "release_date": "2013-05-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-09-23T20:19:55+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update, and then after installing the\nupdate, restart the server by starting the JBoss Application Server\nprocess.", "product_ids": [ "Red Hat JBoss BRMS 6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1290" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss BRMS 6.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "HawtJNI: predictable temporary file name leading to local arbitrary code execution" }, { "acknowledgments": [ { "names": [ "David Illsley" ] }, { "names": [ "Ron Gutierrez" ], "organization": "Gotham Digital Science" }, { "names": [ "David Jorm" ], "organization": "Red Hat Security Response Team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2013-6440", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2013-12-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1043332" } ], "notes": [ { "category": "description", "text": "It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss BRMS 6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-6440" }, { "category": "external", "summary": "RHBZ#1043332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6440", "url": "https://www.cve.org/CVERecord?id=CVE-2013-6440" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6440", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6440" }, { "category": "external", "summary": "http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml", "url": "http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml" } ], "release_date": "2013-12-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-09-23T20:19:55+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update, and then after installing the\nupdate, restart the server by starting the JBoss Application Server\nprocess.", "product_ids": [ "Red Hat JBoss BRMS 6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1290" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss BRMS 6.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter" }, { "acknowledgments": [ { "names": [ "Stuart Douglas" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2014-0018", "discovery_date": "2014-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1052783" } ], "notes": [ { "category": "description", "text": "In Red Hat JBoss Enterprise Application Platform, when running under a security manager, it was possible for deployed code to get access to the Modular Service Container (MSC) service registry without any permission checks. This could allow malicious deployments to modify the internal state of the server in various ways.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-as-server: Unchecked access to MSC Service Registry under JSM", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss BRMS 6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0018" }, { "category": "external", "summary": "RHBZ#1052783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052783" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0018", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0018" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0018", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0018" } ], "release_date": "2014-01-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-09-23T20:19:55+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update, and then after installing the\nupdate, restart the server by starting the JBoss Application Server\nprocess.", "product_ids": [ "Red Hat JBoss BRMS 6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1290" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss BRMS 6.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-as-server: Unchecked access to MSC Service Registry under JSM" }, { "cve": "CVE-2014-0058", "discovery_date": "2014-02-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1063641" } ], "notes": [ { "category": "description", "text": "It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain application or server authentication credentials.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP6: Plain text password logging during security audit", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss BRMS 6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0058" }, { "category": "external", "summary": "RHBZ#1063641", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063641" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0058", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0058" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0058", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0058" } ], "release_date": "2014-02-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-09-23T20:19:55+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update, and then after installing the\nupdate, restart the server by starting the JBoss Application Server\nprocess.", "product_ids": [ "Red Hat JBoss BRMS 6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1290" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss BRMS 6.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "EAP6: Plain text password logging during security audit" }, { "acknowledgments": [ { "names": [ "Josef Cacek" ], "organization": "Red Hat JBoss EAP Quality Engineering team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2014-0093", "discovery_date": "2014-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1070046" } ], "notes": [ { "category": "description", "text": "It was found that Java Security Manager permissions configured via a policy file were not properly applied, causing all deployed applications to be granted the java.security.AllPermission permission. In certain cases, an attacker could use this flaw to circumvent expected security measures to perform actions which would otherwise be restricted.", "title": "Vulnerability description" }, { "category": "summary", "text": "6: JSM policy not respected by deployed applications", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss BRMS 6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0093" }, { "category": "external", "summary": "RHBZ#1070046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1070046" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0093", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0093" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0093", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0093" } ], "release_date": "2014-02-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-09-23T20:19:55+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update, and then after installing the\nupdate, restart the server by starting the JBoss Application Server\nprocess.", "product_ids": [ "Red Hat JBoss BRMS 6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1290" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss BRMS 6.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "6: JSM policy not respected by deployed applications" }, { "cve": "CVE-2014-0107", "cwe": { "id": "CWE-358", "name": "Improperly Implemented Security Check for Standard" }, "discovery_date": "2014-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1080248" } ], "notes": [ { "category": "description", "text": "It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.", "title": "Vulnerability description" }, { "category": "summary", "text": "Xalan-Java: insufficient constraints in secure processing feature", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss BRMS 6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0107" }, { "category": "external", "summary": "RHBZ#1080248", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1080248" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0107", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0107" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0107", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0107" }, { "category": "external", "summary": "http://www.ocert.org/advisories/ocert-2014-002.html", "url": "http://www.ocert.org/advisories/ocert-2014-002.html" } ], "release_date": "2014-03-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-09-23T20:19:55+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update, and then after installing the\nupdate, restart the server by starting the JBoss Application Server\nprocess.", "product_ids": [ "Red Hat JBoss BRMS 6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1290" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss BRMS 6.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Xalan-Java: insufficient constraints in secure processing feature" } ] }
rhsa-2014_0195
Vulnerability from csaf_redhat
Published
2014-02-20 17:22
Modified
2024-11-05 18:19
Summary
Red Hat Security Advisory: Red Hat JBoss Portal 6.1.1 update
Notes
Topic
Red Hat JBoss Portal 6.1.1, which fixes two security issues and various
bugs, is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat JBoss Portal is the open source implementation of the Java EE suite
of services and Portal services running atop Red Hat JBoss Enterprise
Application Platform.
This Red Hat JBoss Portal 6.1.1 release serves as a replacement for 6.1.0.
Refer to the 6.1.1 Release Notes for further information, available shortly
from https://access.redhat.com/site/documentation/en-US/
It was found that the ParserPool and Decrypter classes in the OpenSAML Java
implementation resolved external entities, permitting XML External Entity
(XXE) attacks. A remote attacker could use this flaw to read files
accessible to the user running the application server, and potentially
perform other more advanced XXE attacks. (CVE-2013-6440)
It was discovered that the Apache Santuario XML Security for Java project
allowed Document Type Definitions (DTDs) to be processed when applying
Transforms even when secure validation was enabled. A remote attacker could
use this flaw to exhaust all available memory on the system, causing a
denial of service. (CVE-2013-4517)
All users of Red Hat JBoss Portal 6.1.0 as provided from the Red Hat
Customer Portal are advised to upgrade to Red Hat JBoss Portal 6.1.1.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat JBoss Portal 6.1.1, which fixes two security issues and various\nbugs, is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Portal is the open source implementation of the Java EE suite\nof services and Portal services running atop Red Hat JBoss Enterprise\nApplication Platform.\n\nThis Red Hat JBoss Portal 6.1.1 release serves as a replacement for 6.1.0.\nRefer to the 6.1.1 Release Notes for further information, available shortly\nfrom https://access.redhat.com/site/documentation/en-US/\n\nIt was found that the ParserPool and Decrypter classes in the OpenSAML Java\nimplementation resolved external entities, permitting XML External Entity\n(XXE) attacks. A remote attacker could use this flaw to read files\naccessible to the user running the application server, and potentially\nperform other more advanced XXE attacks. (CVE-2013-6440)\n\nIt was discovered that the Apache Santuario XML Security for Java project\nallowed Document Type Definitions (DTDs) to be processed when applying\nTransforms even when secure validation was enabled. A remote attacker could\nuse this flaw to exhaust all available memory on the system, causing a\ndenial of service. (CVE-2013-4517)\n\nAll users of Red Hat JBoss Portal 6.1.0 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss Portal 6.1.1.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2014:0195", "url": "https://access.redhat.com/errata/RHSA-2014:0195" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jbportal\u0026downloadType=distributions", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jbportal\u0026downloadType=distributions" }, { "category": "external", "summary": "https://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_Portal/", "url": "https://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_Portal/" }, { "category": "external", "summary": "1043332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043332" }, { "category": "external", "summary": "1045257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045257" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0195.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Portal 6.1.1 update", "tracking": { "current_release_date": "2024-11-05T18:19:19+00:00", "generator": { "date": "2024-11-05T18:19:19+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2014:0195", "initial_release_date": "2014-02-20T17:22:15+00:00", "revision_history": [ { "date": "2014-02-20T17:22:15+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-02-20T12:32:53+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T18:19:19+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Portal Platform 6.1", "product": { "name": "Red Hat JBoss Portal Platform 6.1", "product_id": "Red Hat JBoss Portal Platform 6.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:6.1.1" } } } ], "category": "product_family", "name": "Red Hat JBoss Portal" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2013-4517", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2013-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1045257" } ], "notes": [ { "category": "description", "text": "It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions (DTDs) to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java: Java XML Signature DoS Attack", "title": "Vulnerability summary" }, { "category": "other", "text": "Fuse ESB 4, Fuse Message Broker 5.2, 5.3, 5.4, Fuse Mediation Router 2.7, 2.8 and Fuse Services Framework 2.3, 2.4 are now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Fuse Product Life Cycle: https://access.redhat.com/support/policy/updates/fusesource/\n\nFuse ESB Enterprise is now in Maintenance Support phase receiving only qualified Important and Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Fuse Product Life Cycle: https://access.redhat.com/support/policy/updates/fusesource/\n\nRed Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 4; Red Hat JBoss Enterprise Data Services Platform 5; Red Hat JBoss Enterprise Portal Platform 4 and 5; and Red Hat JBoss Enterprise SOA Platform 4 and 5 are now in Phase 3, Extended Life Support, of their respective life cycles. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Portal Platform 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-4517" }, { "category": "external", "summary": "RHBZ#1045257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045257" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-4517", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4517" } ], "release_date": "2013-11-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-02-20T17:22:15+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.", "product_ids": [ "Red Hat JBoss Portal Platform 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0195" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Portal Platform 6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Java: Java XML Signature DoS Attack" }, { "acknowledgments": [ { "names": [ "David Illsley" ] }, { "names": [ "Ron Gutierrez" ], "organization": "Gotham Digital Science" }, { "names": [ "David Jorm" ], "organization": "Red Hat Security Response Team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2013-6440", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2013-12-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1043332" } ], "notes": [ { "category": "description", "text": "It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Portal Platform 6.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-6440" }, { "category": "external", "summary": "RHBZ#1043332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6440", "url": "https://www.cve.org/CVERecord?id=CVE-2013-6440" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6440", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6440" }, { "category": "external", "summary": "http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml", "url": "http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml" } ], "release_date": "2013-12-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-02-20T17:22:15+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Enterprise Portal Platform, along with all\ncustomized configuration files, and any databases and database settings.", "product_ids": [ "Red Hat JBoss Portal Platform 6.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0195" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Portal Platform 6.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter" } ] }
rhsa-2014_0170
Vulnerability from csaf_redhat
Published
2014-02-13 18:34
Modified
2024-11-05 18:18
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.1 update
Notes
Topic
Updated packages that provide Red Hat JBoss Enterprise Application Platform
6.2.1 and fix three security issues, several bugs, and add various
enhancements are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java
applications based on JBoss Application Server 7.
It was found that the ParserPool and Decrypter classes in the OpenSAML Java
implementation resolved external entities, permitting XML External Entity
(XXE) attacks. A remote attacker could use this flaw to read files
accessible to the user running the application server, and potentially
perform other more advanced XXE attacks. (CVE-2013-6440)
It was discovered that the Apache Santuario XML Security for Java project
allowed Document Type Definitions (DTDs) to be processed when applying
Transforms even when secure validation was enabled. A remote attacker could
use this flaw to exhaust all available memory on the system, causing a
denial of service. (CVE-2013-4517)
In Red Hat JBoss Enterprise Application Platform, when running under a
security manager, it was possible for deployed code to get access to the
Modular Service Container (MSC) service registry without any permission
checks. This could allow malicious deployments to modify the internal state
of the server in various ways. (CVE-2014-0018)
The CVE-2013-6440 was discovered by David Illsley, Ron Gutierrez of Gotham
Digital Science, and David Jorm of the Red Hat Security Response Team, and
the CVE-2014-0018 issue was discovered by Stuart Douglas of Red Hat.
This release serves as a replacement for JBoss Enterprise Application
Platform 6.2.0, and includes bug fixes and enhancements. Documentation for
these changes will be available shortly from the JBoss Enterprise
Application Platform 6.2.1 Release Notes, linked to in the References.
All users of Red Hat JBoss Enterprise Application Platform 6.2.0 on Red Hat
Enterprise Linux 5 are advised to upgrade to these updated packages.
The JBoss server process must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated packages that provide Red Hat JBoss Enterprise Application Platform\n6.2.1 and fix three security issues, several bugs, and add various\nenhancements are now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nIt was found that the ParserPool and Decrypter classes in the OpenSAML Java\nimplementation resolved external entities, permitting XML External Entity\n(XXE) attacks. A remote attacker could use this flaw to read files\naccessible to the user running the application server, and potentially\nperform other more advanced XXE attacks. (CVE-2013-6440)\n\nIt was discovered that the Apache Santuario XML Security for Java project\nallowed Document Type Definitions (DTDs) to be processed when applying\nTransforms even when secure validation was enabled. A remote attacker could\nuse this flaw to exhaust all available memory on the system, causing a\ndenial of service. (CVE-2013-4517)\n\nIn Red Hat JBoss Enterprise Application Platform, when running under a\nsecurity manager, it was possible for deployed code to get access to the\nModular Service Container (MSC) service registry without any permission\nchecks. This could allow malicious deployments to modify the internal state\nof the server in various ways. (CVE-2014-0018)\n\nThe CVE-2013-6440 was discovered by David Illsley, Ron Gutierrez of Gotham\nDigital Science, and David Jorm of the Red Hat Security Response Team, and\nthe CVE-2014-0018 issue was discovered by Stuart Douglas of Red Hat.\n\nThis release serves as a replacement for JBoss Enterprise Application\nPlatform 6.2.0, and includes bug fixes and enhancements. Documentation for\nthese changes will be available shortly from the JBoss Enterprise\nApplication Platform 6.2.1 Release Notes, linked to in the References.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.2.0 on Red Hat\nEnterprise Linux 5 are advised to upgrade to these updated packages.\nThe JBoss server process must be restarted for the update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2014:0170", "url": "https://access.redhat.com/errata/RHSA-2014:0170" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.2/html/6.2.1_Release_Notes/index.html", "url": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.2/html/6.2.1_Release_Notes/index.html" }, { "category": "external", "summary": "1038643", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1038643" }, { "category": "external", "summary": "1043332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043332" }, { "category": "external", "summary": "1045257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045257" }, { "category": "external", "summary": "1052718", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052718" }, { "category": "external", "summary": "1052783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052783" }, { "category": "external", "summary": "1052989", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052989" }, { "category": "external", "summary": "1053216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053216" }, { "category": "external", "summary": "1053218", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053218" }, { "category": "external", "summary": "1053224", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053224" }, { "category": "external", "summary": "1053229", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053229" }, { "category": "external", "summary": "1053231", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053231" }, { "category": "external", "summary": "1053779", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053779" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0170.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.1 update", "tracking": { "current_release_date": "2024-11-05T18:18:53+00:00", "generator": { "date": "2024-11-05T18:18:53+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2014:0170", "initial_release_date": "2014-02-13T18:34:17+00:00", "revision_history": [ { "date": "2014-02-13T18:34:17+00:00", "number": "1", "summary": "Initial version" }, { "date": "2014-02-13T18:34:17+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T18:18:53+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5" } } }, { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.src", "product": { "name": "picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.src", "product_id": "picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/picketbox@4.0.19-2.SP3_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.src", "product": { "name": "jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.src", "product_id": "jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jacorb-jboss@2.3.2-13.redhat_6.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-logmanager@1.5.2-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@7.3.0-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.src", "product_id": "jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-xnio-base@3.0.9-1.GA_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.src", "product": { "name": "xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.src", "product_id": "xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/xml-security@1.5.6-1.redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.src", "product_id": "hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hornetq@2.3.14-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.src", "product_id": "netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/netty@3.6.7-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.src", "product_id": "jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-marshalling@1.4.3-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.src", "product": { "name": "weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.src", "product_id": "weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/weld-core@1.1.17-1.Final_redhat_1.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.src", "product": { "name": "xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.src", "product_id": "xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/xmltooling@1.3.4-5.redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-server@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-transactions@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-client-all@7.3.1-4.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller-client@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsf@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-webservices@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jmx@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-naming@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-security@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-pojo@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-http@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-logging@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-modcluster@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-protocol@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-xts@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-process-controller@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jpa@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-core-security@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-embedded@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-remoting@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-host-controller@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-threads@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-appclient@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-network@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-connector@7.3.1-4.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cli@7.3.1-4.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-clustering@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.3.1-4.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-version@7.3.1-4.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-messaging@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxr@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jdr@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-weld@7.3.1-4.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cmp@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-management@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ejb3@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jacorb@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-mail@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-configadmin@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-web@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi@7.3.1-4.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-sar@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsr77@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_id": "jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src", "product": { "name": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src", "product_id": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-javadocs@7.3.1-3.Final_redhat_3.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.src", "product_id": "jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-core@7.3.1-5.Final_redhat_3.1.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.src", "product": { "name": "jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.src", "product_id": "jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-modules-eap@7.3.1-6.Final_redhat_3.1.ep6.el5?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.noarch", "product": { "name": "picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.noarch", "product_id": "picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/picketbox@4.0.19-2.SP3_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.noarch", "product": { "name": "jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.noarch", "product_id": "jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jacorb-jboss@2.3.2-13.redhat_6.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-logmanager@1.5.2-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@7.3.0-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-xnio-base@3.0.9-1.GA_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.noarch", "product": { "name": "xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.noarch", "product_id": "xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/xml-security@1.5.6-1.redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hornetq@2.3.14-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/netty@3.6.7-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-marshalling@1.4.3-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.noarch", "product": { "name": "weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.noarch", "product_id": "weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/weld-core@1.1.17-1.Final_redhat_1.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.noarch", "product": { "name": "xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.noarch", "product_id": "xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/xmltooling@1.3.4-5.redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-server@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-transactions@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-client-all@7.3.1-4.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller-client@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsf@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-webservices@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jmx@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-naming@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-security@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-pojo@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-http@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-logging@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-modcluster@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-protocol@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-xts@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-process-controller@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jpa@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-core-security@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-embedded@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-remoting@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-host-controller@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-threads@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-appclient@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-network@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-connector@7.3.1-4.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cli@7.3.1-4.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-clustering@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.3.1-4.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-version@7.3.1-4.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-messaging@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxr@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jdr@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-weld@7.3.1-4.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cmp@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-management@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ejb3@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jacorb@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-mail@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-configadmin@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-web@7.3.1-3.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi@7.3.1-4.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-sar@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsr77@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.3.1-2.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch", "product": { "name": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch", "product_id": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-javadocs@7.3.1-3.Final_redhat_3.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-core@7.3.1-5.Final_redhat_3.1.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.noarch", "product": { "name": "jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.noarch", "product_id": "jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-modules-eap@7.3.1-6.Final_redhat_3.1.ep6.el5?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch" }, "product_reference": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6.2" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5 Server", "product_id": "5Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src" }, "product_reference": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6.2" }, { "category": "default_component_of", "full_product_name": { "name": "hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.noarch" }, "product_reference": "jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.src" }, "product_reference": "jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.src" }, "product_reference": "jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch" }, "product_reference": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src" }, "product_reference": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.noarch" }, "product_reference": "jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.src" }, "product_reference": "jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.noarch" }, "product_reference": "picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.src" }, "product_reference": "picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.noarch" }, "product_reference": "weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.src" }, "product_reference": "weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.noarch" }, "product_reference": "xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.src" }, "product_reference": "xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.noarch" }, "product_reference": "xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.src" }, "product_reference": "xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" } ] }, "vulnerabilities": [ { "cve": "CVE-2013-4517", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2013-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1045257" } ], "notes": [ { "category": "description", "text": "It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions (DTDs) to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java: Java XML Signature DoS Attack", "title": "Vulnerability summary" }, { "category": "other", "text": "Fuse ESB 4, Fuse Message Broker 5.2, 5.3, 5.4, Fuse Mediation Router 2.7, 2.8 and Fuse Services Framework 2.3, 2.4 are now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Fuse Product Life Cycle: https://access.redhat.com/support/policy/updates/fusesource/\n\nFuse ESB Enterprise is now in Maintenance Support phase receiving only qualified Important and Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Fuse Product Life Cycle: https://access.redhat.com/support/policy/updates/fusesource/\n\nRed Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 4; Red Hat JBoss Enterprise Data Services Platform 5; Red Hat JBoss Enterprise Portal Platform 4 and 5; and Red Hat JBoss Enterprise SOA Platform 4 and 5 are now in Phase 3, Extended Life Support, of their respective life cycles. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch", "5Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src", "5Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src", "5Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-4517" }, { "category": "external", "summary": "RHBZ#1045257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045257" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-4517", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4517" } ], "release_date": "2013-11-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-02-13T18:34:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied. Also, back up any customized Red\nHat JBoss Enterprise Application Platform 6 configuration files. On update,\nthe configuration files that have been locally modified will not be\nupdated. The updated version of such files will be stored as the rpmnew\nfiles. Make sure to locate any such files after the update and merge any\nchanges manually.\n\nFor more details, refer to the Release Notes for Red Hat JBoss Enterprise\nApplication Platform 6.2.1, available shortly from\nhttps://access.redhat.com/site/documentation/\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch", "5Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src", "5Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src", "5Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0170" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "5Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch", "5Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src", "5Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src", "5Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Java: Java XML Signature DoS Attack" }, { "acknowledgments": [ { "names": [ "David Illsley" ] }, { "names": [ "Ron Gutierrez" ], "organization": "Gotham Digital Science" }, { "names": [ "David Jorm" ], "organization": "Red Hat Security Response Team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2013-6440", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2013-12-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1043332" } ], "notes": [ { "category": "description", "text": "It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch", "5Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src", "5Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src", "5Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-6440" }, { "category": "external", "summary": "RHBZ#1043332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6440", "url": "https://www.cve.org/CVERecord?id=CVE-2013-6440" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6440", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6440" }, { "category": "external", "summary": "http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml", "url": "http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml" } ], "release_date": "2013-12-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-02-13T18:34:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied. Also, back up any customized Red\nHat JBoss Enterprise Application Platform 6 configuration files. On update,\nthe configuration files that have been locally modified will not be\nupdated. The updated version of such files will be stored as the rpmnew\nfiles. Make sure to locate any such files after the update and merge any\nchanges manually.\n\nFor more details, refer to the Release Notes for Red Hat JBoss Enterprise\nApplication Platform 6.2.1, available shortly from\nhttps://access.redhat.com/site/documentation/\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch", "5Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src", "5Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src", "5Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0170" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "5Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch", "5Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src", "5Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src", "5Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter" }, { "acknowledgments": [ { "names": [ "Stuart Douglas" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2014-0018", "discovery_date": "2014-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1052783" } ], "notes": [ { "category": "description", "text": "In Red Hat JBoss Enterprise Application Platform, when running under a security manager, it was possible for deployed code to get access to the Modular Service Container (MSC) service registry without any permission checks. This could allow malicious deployments to modify the internal state of the server in various ways.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-as-server: Unchecked access to MSC Service Registry under JSM", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch", "5Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src", "5Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src", "5Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0018" }, { "category": "external", "summary": "RHBZ#1052783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052783" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0018", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0018" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0018", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0018" } ], "release_date": "2014-01-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-02-13T18:34:17+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied. Also, back up any customized Red\nHat JBoss Enterprise Application Platform 6 configuration files. On update,\nthe configuration files that have been locally modified will not be\nupdated. The updated version of such files will be stored as the rpmnew\nfiles. Make sure to locate any such files after the update and merge any\nchanges manually.\n\nFor more details, refer to the Release Notes for Red Hat JBoss Enterprise\nApplication Platform 6.2.1, available shortly from\nhttps://access.redhat.com/site/documentation/\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "5Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch", "5Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src", "5Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src", "5Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0170" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch", "5Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src", "5Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.noarch", "5Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5.src", "5Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5.src", "5Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.noarch", "5Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el5.src", "5Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.noarch", "5Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-as-server: Unchecked access to MSC Service Registry under JSM" } ] }
rhsa-2014_1995
Vulnerability from csaf_redhat
Published
2014-12-15 20:35
Modified
2024-11-05 18:42
Summary
Red Hat Security Advisory: Red Hat JBoss Fuse Service Works 6.0.0 security update
Notes
Topic
Red Hat JBoss Fuse Service Works 6.0.0 roll up patch 3, which fixes
multiple security issues and various bugs, is now available from the Red
Hat Customer Portal.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
Red Hat JBoss Fuse Service Works is the next-generation ESB and business
process automation infrastructure.
This roll up patch serves as a cumulative upgrade for Red Hat JBoss Fuse
Service Works 6.0.0. It includes various bug fixes, which are listed in the
README file included with the patch files.
The following security issues are fixed with this release:
It was found that the secure processing feature of Xalan-Java had
insufficient restrictions defined for certain properties and features.
A remote attacker able to provide Extensible Stylesheet Language
Transformations (XSLT) content to be processed by an application using
Xalan-Java could use this flaw to bypass the intended constraints of the
secure processing feature. Depending on the components available in the
classpath, this could lead to arbitrary remote code execution in the
context of the application server running the application that uses
Xalan-Java. (CVE-2014-0107)
It was found that the ParserPool and Decrypter classes in the OpenSAML Java
implementation resolved external entities, permitting XML External Entity
(XXE) attacks. A remote attacker could use this flaw to read files
accessible to the user running the application server, and potentially
perform other more advanced XXE attacks. (CVE-2013-6440)
It was found that Java Security Manager permissions configured via a policy
file were not properly applied, causing all deployed applications to be
granted the java.security.AllPermission permission. In certain cases, an
attacker could use this flaw to circumvent expected security measures to
perform actions which would otherwise be restricted. (CVE-2014-0093)
The HawtJNI Library class wrote native libraries to a predictable file name
in /tmp/ when the native libraries were bundled in a JAR file, and no
custom library path was specified. A local attacker could overwrite these
native libraries with malicious versions during the window between when
HawtJNI writes them and when they are executed. (CVE-2013-2035)
In Red Hat JBoss Enterprise Application Platform, when running under a
security manager, it was possible for deployed code to get access to the
Modular Service Container (MSC) service registry without any permission
checks. This could allow malicious deployments to modify the internal state
of the server in various ways. (CVE-2014-0018)
It was found that the security audit functionality logged request
parameters in plain text. This may have caused passwords to be included in
the audit log files when using BASIC or FORM-based authentication. A local
attacker with access to audit log files could possibly use this flaw to
obtain application or server authentication credentials. (CVE-2014-0058)
The CVE-2013-6440 issue was discovered by David Illsley, Ron Gutierrez of
Gotham Digital Science, and David Jorm of Red Hat Product Security; the
CVE-2014-0093 issue was discovered by Josef Cacek of the Red Hat JBoss EAP
Quality Engineering team; the CVE-2013-2035 issue was discovered by Florian
Weimer of Red Hat Product Security; and the CVE-2014-0018 issue was
discovered by Stuart Douglas of Red Hat.
All users of Red Hat JBoss Fuse Service Works 6.0.0 as provided from the
Red Hat Customer Portal are advised to apply this roll up patch.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat JBoss Fuse Service Works 6.0.0 roll up patch 3, which fixes\nmultiple security issues and various bugs, is now available from the Red\nHat Customer Portal.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Fuse Service Works is the next-generation ESB and business\nprocess automation infrastructure.\n\nThis roll up patch serves as a cumulative upgrade for Red Hat JBoss Fuse\nService Works 6.0.0. It includes various bug fixes, which are listed in the\nREADME file included with the patch files.\n\nThe following security issues are fixed with this release:\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of the\nsecure processing feature. Depending on the components available in the\nclasspath, this could lead to arbitrary remote code execution in the\ncontext of the application server running the application that uses\nXalan-Java. (CVE-2014-0107)\n\nIt was found that the ParserPool and Decrypter classes in the OpenSAML Java\nimplementation resolved external entities, permitting XML External Entity\n(XXE) attacks. A remote attacker could use this flaw to read files\naccessible to the user running the application server, and potentially\nperform other more advanced XXE attacks. (CVE-2013-6440)\n\nIt was found that Java Security Manager permissions configured via a policy\nfile were not properly applied, causing all deployed applications to be\ngranted the java.security.AllPermission permission. In certain cases, an\nattacker could use this flaw to circumvent expected security measures to\nperform actions which would otherwise be restricted. (CVE-2014-0093)\n\nThe HawtJNI Library class wrote native libraries to a predictable file name\nin /tmp/ when the native libraries were bundled in a JAR file, and no\ncustom library path was specified. A local attacker could overwrite these\nnative libraries with malicious versions during the window between when\nHawtJNI writes them and when they are executed. (CVE-2013-2035)\n\nIn Red Hat JBoss Enterprise Application Platform, when running under a\nsecurity manager, it was possible for deployed code to get access to the\nModular Service Container (MSC) service registry without any permission\nchecks. This could allow malicious deployments to modify the internal state\nof the server in various ways. (CVE-2014-0018)\n\nIt was found that the security audit functionality logged request\nparameters in plain text. This may have caused passwords to be included in\nthe audit log files when using BASIC or FORM-based authentication. A local\nattacker with access to audit log files could possibly use this flaw to\nobtain application or server authentication credentials. (CVE-2014-0058)\n\nThe CVE-2013-6440 issue was discovered by David Illsley, Ron Gutierrez of\nGotham Digital Science, and David Jorm of Red Hat Product Security; the\nCVE-2014-0093 issue was discovered by Josef Cacek of the Red Hat JBoss EAP\nQuality Engineering team; the CVE-2013-2035 issue was discovered by Florian\nWeimer of Red Hat Product Security; and the CVE-2014-0018 issue was\ndiscovered by Stuart Douglas of Red Hat.\n\nAll users of Red Hat JBoss Fuse Service Works 6.0.0 as provided from the\nRed Hat Customer Portal are advised to apply this roll up patch.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2014:1995", "url": "https://access.redhat.com/errata/RHSA-2014:1995" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse.serviceworks\u0026downloadType=securityPatches\u0026version=6.0.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse.serviceworks\u0026downloadType=securityPatches\u0026version=6.0.0" }, { "category": "external", "summary": "958618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958618" }, { "category": "external", "summary": "1043332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043332" }, { "category": "external", "summary": "1052783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052783" }, { "category": "external", "summary": "1063641", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063641" }, { "category": "external", "summary": "1070046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1070046" }, { "category": "external", "summary": "1080248", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1080248" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_1995.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Fuse Service Works 6.0.0 security update", "tracking": { "current_release_date": "2024-11-05T18:42:59+00:00", "generator": { "date": "2024-11-05T18:42:59+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2014:1995", "initial_release_date": "2014-12-15T20:35:32+00:00", "revision_history": [ { "date": "2014-12-15T20:35:32+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-02-20T12:33:36+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T18:42:59+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Fuse Service Works 6.0", "product": { "name": "Red Hat JBoss Fuse Service Works 6.0", "product_id": "Red Hat JBoss Fuse Service Works 6.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_fuse_service_works:6.0" } } } ], "category": "product_family", "name": "Red Hat JBoss Fuse Service Works" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Florian Weimer" ], "organization": "Red Hat Product Security Team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2013-2035", "cwe": { "id": "CWE-377", "name": "Insecure Temporary File" }, "discovery_date": "2013-04-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "958618" } ], "notes": [ { "category": "description", "text": "The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed.", "title": "Vulnerability description" }, { "category": "summary", "text": "HawtJNI: predictable temporary file name leading to local arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse Service Works 6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2035" }, { "category": "external", "summary": "RHBZ#958618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958618" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2035", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2035" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2035", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2035" } ], "release_date": "2013-05-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-12-15T20:35:32+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Fuse Service Works installation (including its\ndatabases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss Fuse Service Works\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the Red Hat\nJBoss Fuse Service Works server by starting the JBoss Application\nServer process.", "product_ids": [ "Red Hat JBoss Fuse Service Works 6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1995" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Fuse Service Works 6.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "HawtJNI: predictable temporary file name leading to local arbitrary code execution" }, { "acknowledgments": [ { "names": [ "David Illsley" ] }, { "names": [ "Ron Gutierrez" ], "organization": "Gotham Digital Science" }, { "names": [ "David Jorm" ], "organization": "Red Hat Security Response Team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2013-6440", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2013-12-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1043332" } ], "notes": [ { "category": "description", "text": "It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse Service Works 6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-6440" }, { "category": "external", "summary": "RHBZ#1043332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6440", "url": "https://www.cve.org/CVERecord?id=CVE-2013-6440" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6440", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6440" }, { "category": "external", "summary": "http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml", "url": "http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml" } ], "release_date": "2013-12-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-12-15T20:35:32+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Fuse Service Works installation (including its\ndatabases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss Fuse Service Works\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the Red Hat\nJBoss Fuse Service Works server by starting the JBoss Application\nServer process.", "product_ids": [ "Red Hat JBoss Fuse Service Works 6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1995" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Fuse Service Works 6.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter" }, { "acknowledgments": [ { "names": [ "Stuart Douglas" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2014-0018", "discovery_date": "2014-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1052783" } ], "notes": [ { "category": "description", "text": "In Red Hat JBoss Enterprise Application Platform, when running under a security manager, it was possible for deployed code to get access to the Modular Service Container (MSC) service registry without any permission checks. This could allow malicious deployments to modify the internal state of the server in various ways.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-as-server: Unchecked access to MSC Service Registry under JSM", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse Service Works 6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0018" }, { "category": "external", "summary": "RHBZ#1052783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052783" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0018", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0018" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0018", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0018" } ], "release_date": "2014-01-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-12-15T20:35:32+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Fuse Service Works installation (including its\ndatabases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss Fuse Service Works\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the Red Hat\nJBoss Fuse Service Works server by starting the JBoss Application\nServer process.", "product_ids": [ "Red Hat JBoss Fuse Service Works 6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1995" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Fuse Service Works 6.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-as-server: Unchecked access to MSC Service Registry under JSM" }, { "cve": "CVE-2014-0058", "discovery_date": "2014-02-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1063641" } ], "notes": [ { "category": "description", "text": "It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain application or server authentication credentials.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP6: Plain text password logging during security audit", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse Service Works 6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0058" }, { "category": "external", "summary": "RHBZ#1063641", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063641" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0058", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0058" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0058", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0058" } ], "release_date": "2014-02-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-12-15T20:35:32+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Fuse Service Works installation (including its\ndatabases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss Fuse Service Works\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the Red Hat\nJBoss Fuse Service Works server by starting the JBoss Application\nServer process.", "product_ids": [ "Red Hat JBoss Fuse Service Works 6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1995" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Fuse Service Works 6.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "EAP6: Plain text password logging during security audit" }, { "acknowledgments": [ { "names": [ "Josef Cacek" ], "organization": "Red Hat JBoss EAP Quality Engineering team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2014-0093", "discovery_date": "2014-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1070046" } ], "notes": [ { "category": "description", "text": "It was found that Java Security Manager permissions configured via a policy file were not properly applied, causing all deployed applications to be granted the java.security.AllPermission permission. In certain cases, an attacker could use this flaw to circumvent expected security measures to perform actions which would otherwise be restricted.", "title": "Vulnerability description" }, { "category": "summary", "text": "6: JSM policy not respected by deployed applications", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse Service Works 6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0093" }, { "category": "external", "summary": "RHBZ#1070046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1070046" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0093", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0093" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0093", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0093" } ], "release_date": "2014-02-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-12-15T20:35:32+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Fuse Service Works installation (including its\ndatabases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss Fuse Service Works\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the Red Hat\nJBoss Fuse Service Works server by starting the JBoss Application\nServer process.", "product_ids": [ "Red Hat JBoss Fuse Service Works 6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1995" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Fuse Service Works 6.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "6: JSM policy not respected by deployed applications" }, { "cve": "CVE-2014-0107", "cwe": { "id": "CWE-358", "name": "Improperly Implemented Security Check for Standard" }, "discovery_date": "2014-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1080248" } ], "notes": [ { "category": "description", "text": "It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.", "title": "Vulnerability description" }, { "category": "summary", "text": "Xalan-Java: insufficient constraints in secure processing feature", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Fuse Service Works 6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0107" }, { "category": "external", "summary": "RHBZ#1080248", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1080248" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0107", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0107" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0107", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0107" }, { "category": "external", "summary": "http://www.ocert.org/advisories/ocert-2014-002.html", "url": "http://www.ocert.org/advisories/ocert-2014-002.html" } ], "release_date": "2014-03-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-12-15T20:35:32+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting Red Hat JBoss Fuse Service Works installation (including its\ndatabases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss Fuse Service Works\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the Red Hat\nJBoss Fuse Service Works server by starting the JBoss Application\nServer process.", "product_ids": [ "Red Hat JBoss Fuse Service Works 6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1995" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Fuse Service Works 6.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Xalan-Java: insufficient constraints in secure processing feature" } ] }
rhsa-2014_0171
Vulnerability from csaf_redhat
Published
2014-02-13 18:33
Modified
2024-11-05 18:19
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.1 update
Notes
Topic
Updated packages that provide Red Hat JBoss Enterprise Application Platform
6.2.1 and fix three security issues, several bugs, and add various
enhancements are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java
applications based on JBoss Application Server 7.
It was found that the ParserPool and Decrypter classes in the OpenSAML Java
implementation resolved external entities, permitting XML External Entity
(XXE) attacks. A remote attacker could use this flaw to read files
accessible to the user running the application server, and potentially
perform other more advanced XXE attacks. (CVE-2013-6440)
It was discovered that the Apache Santuario XML Security for Java project
allowed Document Type Definitions (DTDs) to be processed when applying
Transforms even when secure validation was enabled. A remote attacker could
use this flaw to exhaust all available memory on the system, causing a
denial of service. (CVE-2013-4517)
In Red Hat JBoss Enterprise Application Platform, when running under a
security manager, it was possible for deployed code to get access to the
Modular Service Container (MSC) service registry without any permission
checks. This could allow malicious deployments to modify the internal state
of the server in various ways. (CVE-2014-0018)
The CVE-2013-6440 was discovered by David Illsley, Ron Gutierrez of Gotham
Digital Science, and David Jorm of the Red Hat Security Response Team, and
the CVE-2014-0018 issue was discovered by Stuart Douglas of Red Hat.
This release serves as a replacement for JBoss Enterprise Application
Platform 6.2.0, and includes bug fixes and enhancements. Documentation for
these changes will be available shortly from the JBoss Enterprise
Application Platform 6.2.1 Release Notes, linked to in the References.
All users of Red Hat JBoss Enterprise Application Platform 6.2.0 on Red Hat
Enterprise Linux 6 are advised to upgrade to these updated packages.
The JBoss server process must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated packages that provide Red Hat JBoss Enterprise Application Platform\n6.2.1 and fix three security issues, several bugs, and add various\nenhancements are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nIt was found that the ParserPool and Decrypter classes in the OpenSAML Java\nimplementation resolved external entities, permitting XML External Entity\n(XXE) attacks. A remote attacker could use this flaw to read files\naccessible to the user running the application server, and potentially\nperform other more advanced XXE attacks. (CVE-2013-6440)\n\nIt was discovered that the Apache Santuario XML Security for Java project\nallowed Document Type Definitions (DTDs) to be processed when applying\nTransforms even when secure validation was enabled. A remote attacker could\nuse this flaw to exhaust all available memory on the system, causing a\ndenial of service. (CVE-2013-4517)\n\nIn Red Hat JBoss Enterprise Application Platform, when running under a\nsecurity manager, it was possible for deployed code to get access to the\nModular Service Container (MSC) service registry without any permission\nchecks. This could allow malicious deployments to modify the internal state\nof the server in various ways. (CVE-2014-0018)\n\nThe CVE-2013-6440 was discovered by David Illsley, Ron Gutierrez of Gotham\nDigital Science, and David Jorm of the Red Hat Security Response Team, and\nthe CVE-2014-0018 issue was discovered by Stuart Douglas of Red Hat.\n\nThis release serves as a replacement for JBoss Enterprise Application\nPlatform 6.2.0, and includes bug fixes and enhancements. Documentation for\nthese changes will be available shortly from the JBoss Enterprise\nApplication Platform 6.2.1 Release Notes, linked to in the References.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.2.0 on Red Hat\nEnterprise Linux 6 are advised to upgrade to these updated packages.\nThe JBoss server process must be restarted for the update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2014:0171", "url": "https://access.redhat.com/errata/RHSA-2014:0171" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.2/html/6.2.1_Release_Notes/index.html", "url": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.2/html/6.2.1_Release_Notes/index.html" }, { "category": "external", "summary": "1038647", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1038647" }, { "category": "external", "summary": "1043332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043332" }, { "category": "external", "summary": "1045257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045257" }, { "category": "external", "summary": "1052717", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052717" }, { "category": "external", "summary": "1052783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052783" }, { "category": "external", "summary": "1052988", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052988" }, { "category": "external", "summary": "1053215", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053215" }, { "category": "external", "summary": "1053217", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053217" }, { "category": "external", "summary": "1053223", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053223" }, { "category": "external", "summary": "1053228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053228" }, { "category": "external", "summary": "1053230", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053230" }, { "category": "external", "summary": "1053778", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1053778" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0171.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.1 update", "tracking": { "current_release_date": "2024-11-05T18:19:00+00:00", "generator": { "date": "2024-11-05T18:19:00+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2014:0171", "initial_release_date": "2014-02-13T18:33:33+00:00", "revision_history": [ { "date": "2014-02-13T18:33:33+00:00", "number": "1", "summary": "Initial version" }, { "date": "2014-02-13T18:33:33+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T18:19:00+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6" } } }, { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.src", "product": { "name": "picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.src", "product_id": "picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/picketbox@4.0.19-2.SP3_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.src", "product": { "name": "jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.src", "product_id": "jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jacorb-jboss@2.3.2-13.redhat_6.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-logmanager@1.5.2-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@7.3.0-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.src", "product_id": "jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-xnio-base@3.0.9-1.GA_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.src", "product": { "name": "xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.src", "product_id": "xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/xml-security@1.5.6-1.redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.src", "product_id": "hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hornetq@2.3.14-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.src", "product_id": "netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/netty@3.6.7-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-marshalling@1.4.3-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.src", "product_id": "weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/weld-core@1.1.17-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.src", "product": { "name": "xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.src", "product_id": "xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/xmltooling@1.3.4-5.redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-security@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-http@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-core-security@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-clustering@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-remoting@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-weld@7.3.1-4.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ejb3@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cli@7.3.1-4.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-server@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-webservices@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-connector@7.3.1-4.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.3.1-4.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-management@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-embedded@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-naming@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-messaging@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller-client@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-modcluster@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-transactions@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-host-controller@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-network@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jdr@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-protocol@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-logging@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-threads@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-client-all@7.3.1-4.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-xts@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-process-controller@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jacorb@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-pojo@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jpa@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-appclient@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-version@7.3.1-4.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsf@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cmp@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxr@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jmx@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-mail@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsr77@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-sar@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-configadmin@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi@7.3.1-4.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_id": "jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-web@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src", "product": { "name": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src", "product_id": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-javadocs@7.3.1-3.Final_redhat_3.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.src", "product_id": "jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-core@7.3.1-5.Final_redhat_3.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.src", "product": { "name": "jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.src", "product_id": "jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-modules-eap@7.3.1-6.Final_redhat_3.1.ep6.el6?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.noarch", "product": { "name": "picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.noarch", "product_id": "picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/picketbox@4.0.19-2.SP3_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.noarch", "product": { "name": "jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.noarch", "product_id": "jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jacorb-jboss@2.3.2-13.redhat_6.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-logmanager@1.5.2-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@7.3.0-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-xnio-base@3.0.9-1.GA_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.noarch", "product": { "name": "xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.noarch", "product_id": "xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/xml-security@1.5.6-1.redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hornetq@2.3.14-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/netty@3.6.7-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-marshalling@1.4.3-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/weld-core@1.1.17-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.noarch", "product": { "name": "xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.noarch", "product_id": "xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/xmltooling@1.3.4-5.redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-security@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-http@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-core-security@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-clustering@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-remoting@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-weld@7.3.1-4.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ejb3@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cli@7.3.1-4.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-server@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-webservices@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-connector@7.3.1-4.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.3.1-4.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-management@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-embedded@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-naming@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-messaging@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller-client@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-modcluster@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-transactions@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-host-controller@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-network@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jdr@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-protocol@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-logging@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-threads@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-client-all@7.3.1-4.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-xts@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-process-controller@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jacorb@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-pojo@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jpa@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-appclient@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-version@7.3.1-4.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsf@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cmp@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxr@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jmx@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-mail@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsr77@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-sar@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-configadmin@7.3.1-2.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi@7.3.1-4.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-web@7.3.1-3.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch", "product": { "name": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch", "product_id": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-javadocs@7.3.1-3.Final_redhat_3.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-core@7.3.1-5.Final_redhat_3.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.noarch", "product": { "name": "jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.noarch", "product_id": "jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-modules-eap@7.3.1-6.Final_redhat_3.1.ep6.el6?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch" }, "product_reference": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.2" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src" }, "product_reference": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.2" }, { "category": "default_component_of", "full_product_name": { "name": "hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.noarch" }, "product_reference": "jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.src" }, "product_reference": "jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch" }, "product_reference": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src" }, "product_reference": "jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.noarch" }, "product_reference": "jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.src" }, "product_reference": "jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.noarch" }, "product_reference": "picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.src" }, "product_reference": "picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.noarch" }, "product_reference": "xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.src" }, "product_reference": "xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.noarch" }, "product_reference": "xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.src" }, "product_reference": "xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" } ] }, "vulnerabilities": [ { "cve": "CVE-2013-4517", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2013-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1045257" } ], "notes": [ { "category": "description", "text": "It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions (DTDs) to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java: Java XML Signature DoS Attack", "title": "Vulnerability summary" }, { "category": "other", "text": "Fuse ESB 4, Fuse Message Broker 5.2, 5.3, 5.4, Fuse Mediation Router 2.7, 2.8 and Fuse Services Framework 2.3, 2.4 are now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Fuse Product Life Cycle: https://access.redhat.com/support/policy/updates/fusesource/\n\nFuse ESB Enterprise is now in Maintenance Support phase receiving only qualified Important and Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Fuse Product Life Cycle: https://access.redhat.com/support/policy/updates/fusesource/\n\nRed Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 4; Red Hat JBoss Enterprise Data Services Platform 5; Red Hat JBoss Enterprise Portal Platform 4 and 5; and Red Hat JBoss Enterprise SOA Platform 4 and 5 are now in Phase 3, Extended Life Support, of their respective life cycles. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch", "6Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src", "6Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src", "6Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-4517" }, { "category": "external", "summary": "RHBZ#1045257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045257" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-4517", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4517" } ], "release_date": "2013-11-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-02-13T18:33:33+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied. Also, back up any customized Red\nHat JBoss Enterprise Application Platform 6 configuration files. On update,\nthe configuration files that have been locally modified will not be\nupdated. The updated version of such files will be stored as the rpmnew\nfiles. Make sure to locate any such files after the update and merge any\nchanges manually.\n\nFor more details, refer to the Release Notes for Red Hat JBoss Enterprise\nApplication Platform 6.2.1, available shortly from\nhttps://access.redhat.com/site/documentation/\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "6Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch", "6Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src", "6Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src", "6Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0171" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "6Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch", "6Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src", "6Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src", "6Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Java: Java XML Signature DoS Attack" }, { "acknowledgments": [ { "names": [ "David Illsley" ] }, { "names": [ "Ron Gutierrez" ], "organization": "Gotham Digital Science" }, { "names": [ "David Jorm" ], "organization": "Red Hat Security Response Team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2013-6440", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2013-12-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1043332" } ], "notes": [ { "category": "description", "text": "It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch", "6Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src", "6Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src", "6Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-6440" }, { "category": "external", "summary": "RHBZ#1043332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6440", "url": "https://www.cve.org/CVERecord?id=CVE-2013-6440" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6440", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6440" }, { "category": "external", "summary": "http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml", "url": "http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml" } ], "release_date": "2013-12-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-02-13T18:33:33+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied. Also, back up any customized Red\nHat JBoss Enterprise Application Platform 6 configuration files. On update,\nthe configuration files that have been locally modified will not be\nupdated. The updated version of such files will be stored as the rpmnew\nfiles. Make sure to locate any such files after the update and merge any\nchanges manually.\n\nFor more details, refer to the Release Notes for Red Hat JBoss Enterprise\nApplication Platform 6.2.1, available shortly from\nhttps://access.redhat.com/site/documentation/\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "6Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch", "6Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src", "6Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src", "6Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0171" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "6Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch", "6Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src", "6Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src", "6Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter" }, { "acknowledgments": [ { "names": [ "Stuart Douglas" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2014-0018", "discovery_date": "2014-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1052783" } ], "notes": [ { "category": "description", "text": "In Red Hat JBoss Enterprise Application Platform, when running under a security manager, it was possible for deployed code to get access to the Modular Service Container (MSC) service registry without any permission checks. This could allow malicious deployments to modify the internal state of the server in various ways.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-as-server: Unchecked access to MSC Service Registry under JSM", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch", "6Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src", "6Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src", "6Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0018" }, { "category": "external", "summary": "RHBZ#1052783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052783" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0018", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0018" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0018", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0018" } ], "release_date": "2014-01-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-02-13T18:33:33+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied. Also, back up any customized Red\nHat JBoss Enterprise Application Platform 6 configuration files. On update,\nthe configuration files that have been locally modified will not be\nupdated. The updated version of such files will be stored as the rpmnew\nfiles. Make sure to locate any such files after the update and merge any\nchanges manually.\n\nFor more details, refer to the Release Notes for Red Hat JBoss Enterprise\nApplication Platform 6.2.1, available shortly from\nhttps://access.redhat.com/site/documentation/\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258", "product_ids": [ "6Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch", "6Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src", "6Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src", "6Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0171" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "6Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch", "6Server-JBEAP-6.2:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src", "6Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6:jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6.src", "6Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6.src", "6Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6:xml-security-0:1.5.6-1.redhat_1.1.ep6.el6.src", "6Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.noarch", "6Server-JBEAP-6:xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-as-server: Unchecked access to MSC Service Registry under JSM" } ] }
rhsa-2014_1291
Vulnerability from csaf_redhat
Published
2014-09-23 20:19
Modified
2024-11-05 18:35
Summary
Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.0.3 update
Notes
Topic
Red Hat JBoss BPM Suite 6.0.3, which fixes multiple security issues,
several bugs, and adds various enhancements, is now available from the Red
Hat Customer Portal.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
Details
Red Hat JBoss BPM Suite is a business rules and processes management system
for the management, storage, creation, modification, and deployment of
JBoss rules and BPMN2-compliant business processes.
This release of Red Hat JBoss BPM Suite 6.0.3 serves as a replacement for
Red Hat JBoss BPM Suite 6.0.2, and includes bug fixes and enhancements.
Refer to the Red Hat JBoss BPM Suite 6.0.3 Release Notes for information on
the most significant of these changes. The Release Notes are available at
https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_BPM_Suite/
The following security issues are fixed with this release:
It was found that the secure processing feature of Xalan-Java had
insufficient restrictions defined for certain properties and features.
A remote attacker able to provide Extensible Stylesheet Language
Transformations (XSLT) content to be processed by an application using
Xalan-Java could use this flaw to bypass the intended constraints of the
secure processing feature. Depending on the components available in the
classpath, this could lead to arbitrary remote code execution in the
context of the application server running the application that uses
Xalan-Java. (CVE-2014-0107)
It was found that the ParserPool and Decrypter classes in the OpenSAML
Java implementation resolved external entities, permitting XML External
Entity (XXE) attacks. A remote attacker could use this flaw to read files
accessible to the user running the application server, and potentially
perform other more advanced XXE attacks. (CVE-2013-6440)
It was found that Java Security Manager permissions configured via a policy
file were not properly applied, causing all deployed applications to be
granted the java.security.AllPermission permission. In certain cases, an
attacker could use this flaw to circumvent expected security measures to
perform actions which would otherwise be restricted. (CVE-2014-0093)
The HawtJNI Library class wrote native libraries to a predictable file name
in /tmp/ when the native libraries were bundled in a JAR file, and no
custom library path was specified. A local attacker could overwrite these
native libraries with malicious versions during the window between when
HawtJNI writes them and when they are executed. (CVE-2013-2035)
In Red Hat JBoss Enterprise Application Platform, when running under a
security manager, it was possible for deployed code to get access to the
Modular Service Container (MSC) service registry without any permission
checks. This could allow malicious deployments to modify the internal state
of the server in various ways. (CVE-2014-0018)
It was found that the security audit functionality logged request
parameters in plain text. This may have caused passwords to be included in
the audit log files when using BASIC or FORM-based authentication. A local
attacker with access to audit log files could possibly use this flaw to
obtain application or server authentication credentials. (CVE-2014-0058)
The CVE-2013-6440 issue was discovered by David Illsley, Ron Gutierrez of
Gotham Digital Science, and David Jorm of Red Hat Product Security; the
CVE-2014-0093 issue was discovered by Josef Cacek of the Red Hat JBoss EAP
Quality Engineering team; the CVE-2013-2035 issue was discovered by Florian
Weimer of Red Hat Product Security; and the CVE-2014-0018 issue was
discovered by Stuart Douglas of Red Hat.
All users of Red Hat JBoss BPM Suite 6.0.3 as provided from the Red Hat
Customer Portal are advised to upgrade to Red Hat JBoss BPM Suite 6.0.3.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat JBoss BPM Suite 6.0.3, which fixes multiple security issues,\nseveral bugs, and adds various enhancements, is now available from the Red\nHat Customer Portal.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss BPM Suite is a business rules and processes management system\nfor the management, storage, creation, modification, and deployment of\nJBoss rules and BPMN2-compliant business processes.\n\nThis release of Red Hat JBoss BPM Suite 6.0.3 serves as a replacement for\nRed Hat JBoss BPM Suite 6.0.2, and includes bug fixes and enhancements.\nRefer to the Red Hat JBoss BPM Suite 6.0.3 Release Notes for information on\nthe most significant of these changes. The Release Notes are available at\nhttps://access.redhat.com/documentation/en-US/Red_Hat_JBoss_BPM_Suite/\n\nThe following security issues are fixed with this release:\n\nIt was found that the secure processing feature of Xalan-Java had\ninsufficient restrictions defined for certain properties and features.\nA remote attacker able to provide Extensible Stylesheet Language\nTransformations (XSLT) content to be processed by an application using\nXalan-Java could use this flaw to bypass the intended constraints of the\nsecure processing feature. Depending on the components available in the\nclasspath, this could lead to arbitrary remote code execution in the\ncontext of the application server running the application that uses\nXalan-Java. (CVE-2014-0107)\n\nIt was found that the ParserPool and Decrypter classes in the OpenSAML\nJava implementation resolved external entities, permitting XML External\nEntity (XXE) attacks. A remote attacker could use this flaw to read files\naccessible to the user running the application server, and potentially\nperform other more advanced XXE attacks. (CVE-2013-6440)\n\nIt was found that Java Security Manager permissions configured via a policy\nfile were not properly applied, causing all deployed applications to be\ngranted the java.security.AllPermission permission. In certain cases, an\nattacker could use this flaw to circumvent expected security measures to\nperform actions which would otherwise be restricted. (CVE-2014-0093)\n\nThe HawtJNI Library class wrote native libraries to a predictable file name\nin /tmp/ when the native libraries were bundled in a JAR file, and no\ncustom library path was specified. A local attacker could overwrite these\nnative libraries with malicious versions during the window between when\nHawtJNI writes them and when they are executed. (CVE-2013-2035)\n\nIn Red Hat JBoss Enterprise Application Platform, when running under a\nsecurity manager, it was possible for deployed code to get access to the\nModular Service Container (MSC) service registry without any permission\nchecks. This could allow malicious deployments to modify the internal state\nof the server in various ways. (CVE-2014-0018)\n\nIt was found that the security audit functionality logged request\nparameters in plain text. This may have caused passwords to be included in\nthe audit log files when using BASIC or FORM-based authentication. A local\nattacker with access to audit log files could possibly use this flaw to\nobtain application or server authentication credentials. (CVE-2014-0058)\n\nThe CVE-2013-6440 issue was discovered by David Illsley, Ron Gutierrez of\nGotham Digital Science, and David Jorm of Red Hat Product Security; the\nCVE-2014-0093 issue was discovered by Josef Cacek of the Red Hat JBoss EAP\nQuality Engineering team; the CVE-2013-2035 issue was discovered by Florian\nWeimer of Red Hat Product Security; and the CVE-2014-0018 issue was\ndiscovered by Stuart Douglas of Red Hat.\n\nAll users of Red Hat JBoss BPM Suite 6.0.3 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss BPM Suite 6.0.3.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2014:1291", "url": "https://access.redhat.com/errata/RHSA-2014:1291" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=bpm.suite\u0026downloadType=distributions\u0026version=6.0.3", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=bpm.suite\u0026downloadType=distributions\u0026version=6.0.3" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_BPM_Suite/", "url": "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_BPM_Suite/" }, { "category": "external", "summary": "958618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958618" }, { "category": "external", "summary": "1043332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043332" }, { "category": "external", "summary": "1052783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052783" }, { "category": "external", "summary": "1063641", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063641" }, { "category": "external", "summary": "1070046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1070046" }, { "category": "external", "summary": "1080248", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1080248" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_1291.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.0.3 update", "tracking": { "current_release_date": "2024-11-05T18:35:58+00:00", "generator": { "date": "2024-11-05T18:35:58+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2014:1291", "initial_release_date": "2014-09-23T20:19:49+00:00", "revision_history": [ { "date": "2014-09-23T20:19:49+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-02-20T12:35:09+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T18:35:58+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss BPMS 6.0", "product": { "name": "Red Hat JBoss BPMS 6.0", "product_id": "Red Hat JBoss BPMS 6.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_bpms:6.0" } } } ], "category": "product_family", "name": "Red Hat Process Automation Manager" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Florian Weimer" ], "organization": "Red Hat Product Security Team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2013-2035", "cwe": { "id": "CWE-377", "name": "Insecure Temporary File" }, "discovery_date": "2013-04-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "958618" } ], "notes": [ { "category": "description", "text": "The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed.", "title": "Vulnerability description" }, { "category": "summary", "text": "HawtJNI: predictable temporary file name leading to local arbitrary code execution", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss BPMS 6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-2035" }, { "category": "external", "summary": "RHBZ#958618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=958618" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-2035", "url": "https://www.cve.org/CVERecord?id=CVE-2013-2035" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2035", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2035" } ], "release_date": "2013-05-13T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-09-23T20:19:49+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update, and then after installing\nthe update, restart the server by starting the JBoss Application Server\nprocess.", "product_ids": [ "Red Hat JBoss BPMS 6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1291" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss BPMS 6.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "HawtJNI: predictable temporary file name leading to local arbitrary code execution" }, { "acknowledgments": [ { "names": [ "David Illsley" ] }, { "names": [ "Ron Gutierrez" ], "organization": "Gotham Digital Science" }, { "names": [ "David Jorm" ], "organization": "Red Hat Security Response Team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2013-6440", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2013-12-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1043332" } ], "notes": [ { "category": "description", "text": "It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss BPMS 6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-6440" }, { "category": "external", "summary": "RHBZ#1043332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6440", "url": "https://www.cve.org/CVERecord?id=CVE-2013-6440" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6440", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6440" }, { "category": "external", "summary": "http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml", "url": "http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml" } ], "release_date": "2013-12-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-09-23T20:19:49+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update, and then after installing\nthe update, restart the server by starting the JBoss Application Server\nprocess.", "product_ids": [ "Red Hat JBoss BPMS 6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1291" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss BPMS 6.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter" }, { "acknowledgments": [ { "names": [ "Stuart Douglas" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2014-0018", "discovery_date": "2014-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1052783" } ], "notes": [ { "category": "description", "text": "In Red Hat JBoss Enterprise Application Platform, when running under a security manager, it was possible for deployed code to get access to the Modular Service Container (MSC) service registry without any permission checks. This could allow malicious deployments to modify the internal state of the server in various ways.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-as-server: Unchecked access to MSC Service Registry under JSM", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss BPMS 6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0018" }, { "category": "external", "summary": "RHBZ#1052783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052783" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0018", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0018" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0018", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0018" } ], "release_date": "2014-01-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-09-23T20:19:49+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update, and then after installing\nthe update, restart the server by starting the JBoss Application Server\nprocess.", "product_ids": [ "Red Hat JBoss BPMS 6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1291" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss BPMS 6.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-as-server: Unchecked access to MSC Service Registry under JSM" }, { "cve": "CVE-2014-0058", "discovery_date": "2014-02-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1063641" } ], "notes": [ { "category": "description", "text": "It was found that the security audit functionality logged request parameters in plain text. This may have caused passwords to be included in the audit log files when using BASIC or FORM-based authentication. A local attacker with access to audit log files could possibly use this flaw to obtain application or server authentication credentials.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP6: Plain text password logging during security audit", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss BPMS 6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0058" }, { "category": "external", "summary": "RHBZ#1063641", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1063641" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0058", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0058" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0058", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0058" } ], "release_date": "2014-02-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-09-23T20:19:49+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update, and then after installing\nthe update, restart the server by starting the JBoss Application Server\nprocess.", "product_ids": [ "Red Hat JBoss BPMS 6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1291" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss BPMS 6.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "EAP6: Plain text password logging during security audit" }, { "acknowledgments": [ { "names": [ "Josef Cacek" ], "organization": "Red Hat JBoss EAP Quality Engineering team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2014-0093", "discovery_date": "2014-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1070046" } ], "notes": [ { "category": "description", "text": "It was found that Java Security Manager permissions configured via a policy file were not properly applied, causing all deployed applications to be granted the java.security.AllPermission permission. In certain cases, an attacker could use this flaw to circumvent expected security measures to perform actions which would otherwise be restricted.", "title": "Vulnerability description" }, { "category": "summary", "text": "6: JSM policy not respected by deployed applications", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss BPMS 6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0093" }, { "category": "external", "summary": "RHBZ#1070046", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1070046" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0093", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0093" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0093", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0093" } ], "release_date": "2014-02-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-09-23T20:19:49+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update, and then after installing\nthe update, restart the server by starting the JBoss Application Server\nprocess.", "product_ids": [ "Red Hat JBoss BPMS 6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1291" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss BPMS 6.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "6: JSM policy not respected by deployed applications" }, { "cve": "CVE-2014-0107", "cwe": { "id": "CWE-358", "name": "Improperly Implemented Security Check for Standard" }, "discovery_date": "2014-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1080248" } ], "notes": [ { "category": "description", "text": "It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations (XSLT) content to be processed by an application using Xalan-Java could use this flaw to bypass the intended constraints of the secure processing feature. Depending on the components available in the classpath, this could lead to arbitrary remote code execution in the context of the application server running the application that uses Xalan-Java.", "title": "Vulnerability description" }, { "category": "summary", "text": "Xalan-Java: insufficient constraints in secure processing feature", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss BPMS 6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0107" }, { "category": "external", "summary": "RHBZ#1080248", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1080248" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0107", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0107" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0107", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0107" }, { "category": "external", "summary": "http://www.ocert.org/advisories/ocert-2014-002.html", "url": "http://www.ocert.org/advisories/ocert-2014-002.html" } ], "release_date": "2014-03-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-09-23T20:19:49+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update, and then after installing\nthe update, restart the server by starting the JBoss Application Server\nprocess.", "product_ids": [ "Red Hat JBoss BPMS 6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:1291" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss BPMS 6.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Xalan-Java: insufficient constraints in secure processing feature" } ] }
rhsa-2014_0172
Vulnerability from csaf_redhat
Published
2014-02-13 18:33
Modified
2024-11-05 18:19
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.1 update
Notes
Topic
An update for Red Hat JBoss Enterprise Application Platform 6.2.0, which
fixes three security issues, several bugs, and adds various enhancements,
is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java
applications based on JBoss Application Server 7.
It was found that the ParserPool and Decrypter classes in the OpenSAML Java
implementation resolved external entities, permitting XML External Entity
(XXE) attacks. A remote attacker could use this flaw to read files
accessible to the user running the application server, and potentially
perform other more advanced XXE attacks. (CVE-2013-6440)
It was discovered that the Apache Santuario XML Security for Java project
allowed Document Type Definitions (DTDs) to be processed when applying
Transforms even when secure validation was enabled. A remote attacker could
use this flaw to exhaust all available memory on the system, causing a
denial of service. (CVE-2013-4517)
In Red Hat JBoss Enterprise Application Platform, when running under a
security manager, it was possible for deployed code to get access to the
Modular Service Container (MSC) service registry without any permission
checks. This could allow malicious deployments to modify the internal state
of the server in various ways. (CVE-2014-0018)
The CVE-2013-6440 was discovered by David Illsley, Ron Gutierrez of Gotham
Digital Science, and David Jorm of the Red Hat Security Response Team, and
the CVE-2014-0018 issue was discovered by Stuart Douglas of Red Hat.
This release serves as a replacement for JBoss Enterprise Application
Platform 6.2.0, and includes bug fixes and enhancements. Documentation for
these changes will be available shortly from the JBoss Enterprise
Application Platform 6.2.1 Release Notes, linked to in the References.
All users of Red Hat JBoss Enterprise Application Platform 6.2.0 as
provided from the Red Hat Customer Portal are advised to apply this update.
The JBoss server process must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for Red Hat JBoss Enterprise Application Platform 6.2.0, which\nfixes three security issues, several bugs, and adds various enhancements,\nis now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nIt was found that the ParserPool and Decrypter classes in the OpenSAML Java\nimplementation resolved external entities, permitting XML External Entity\n(XXE) attacks. A remote attacker could use this flaw to read files\naccessible to the user running the application server, and potentially\nperform other more advanced XXE attacks. (CVE-2013-6440)\n\nIt was discovered that the Apache Santuario XML Security for Java project\nallowed Document Type Definitions (DTDs) to be processed when applying\nTransforms even when secure validation was enabled. A remote attacker could\nuse this flaw to exhaust all available memory on the system, causing a\ndenial of service. (CVE-2013-4517)\n\nIn Red Hat JBoss Enterprise Application Platform, when running under a\nsecurity manager, it was possible for deployed code to get access to the\nModular Service Container (MSC) service registry without any permission\nchecks. This could allow malicious deployments to modify the internal state\nof the server in various ways. (CVE-2014-0018)\n\nThe CVE-2013-6440 was discovered by David Illsley, Ron Gutierrez of Gotham\nDigital Science, and David Jorm of the Red Hat Security Response Team, and\nthe CVE-2014-0018 issue was discovered by Stuart Douglas of Red Hat.\n\nThis release serves as a replacement for JBoss Enterprise Application\nPlatform 6.2.0, and includes bug fixes and enhancements. Documentation for\nthese changes will be available shortly from the JBoss Enterprise\nApplication Platform 6.2.1 Release Notes, linked to in the References.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.2.0 as\nprovided from the Red Hat Customer Portal are advised to apply this update.\nThe JBoss server process must be restarted for the update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2014:0172", "url": "https://access.redhat.com/errata/RHSA-2014:0172" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=6.2.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=6.2.0" }, { "category": "external", "summary": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.2/html/6.2.1_Release_Notes/index.html", "url": "https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.2/html/6.2.1_Release_Notes/index.html" }, { "category": "external", "summary": "1043332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043332" }, { "category": "external", "summary": "1045257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045257" }, { "category": "external", "summary": "1052783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052783" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0172.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.1 update", "tracking": { "current_release_date": "2024-11-05T18:19:07+00:00", "generator": { "date": "2024-11-05T18:19:07+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2014:0172", "initial_release_date": "2014-02-13T18:33:26+00:00", "revision_history": [ { "date": "2014-02-13T18:33:26+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-02-20T12:32:51+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T18:19:07+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 6.2", "product": { "name": "Red Hat JBoss Enterprise Application Platform 6.2", "product_id": "Red Hat JBoss Enterprise Application Platform 6.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.2.1" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2013-4517", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2013-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1045257" } ], "notes": [ { "category": "description", "text": "It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions (DTDs) to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java: Java XML Signature DoS Attack", "title": "Vulnerability summary" }, { "category": "other", "text": "Fuse ESB 4, Fuse Message Broker 5.2, 5.3, 5.4, Fuse Mediation Router 2.7, 2.8 and Fuse Services Framework 2.3, 2.4 are now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Fuse Product Life Cycle: https://access.redhat.com/support/policy/updates/fusesource/\n\nFuse ESB Enterprise is now in Maintenance Support phase receiving only qualified Important and Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Fuse Product Life Cycle: https://access.redhat.com/support/policy/updates/fusesource/\n\nRed Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 4; Red Hat JBoss Enterprise Data Services Platform 5; Red Hat JBoss Enterprise Portal Platform 4 and 5; and Red Hat JBoss Enterprise SOA Platform 4 and 5 are now in Phase 3, Extended Life Support, of their respective life cycles. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-4517" }, { "category": "external", "summary": "RHBZ#1045257", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1045257" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-4517", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4517" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4517", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4517" } ], "release_date": "2013-11-01T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-02-13T18:33:26+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting Red Hat JBoss Enterprise Application Platform installation and\ndeployed applications.\n\nFor more details, refer to the JBoss Enterprise Application Platform 6.2.1\nRelease Notes, linked to in the References.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0172" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Java: Java XML Signature DoS Attack" }, { "acknowledgments": [ { "names": [ "David Illsley" ] }, { "names": [ "Ron Gutierrez" ], "organization": "Gotham Digital Science" }, { "names": [ "David Jorm" ], "organization": "Red Hat Security Response Team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2013-6440", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2013-12-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1043332" } ], "notes": [ { "category": "description", "text": "It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-6440" }, { "category": "external", "summary": "RHBZ#1043332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6440", "url": "https://www.cve.org/CVERecord?id=CVE-2013-6440" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6440", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6440" }, { "category": "external", "summary": "http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml", "url": "http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml" } ], "release_date": "2013-12-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-02-13T18:33:26+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting Red Hat JBoss Enterprise Application Platform installation and\ndeployed applications.\n\nFor more details, refer to the JBoss Enterprise Application Platform 6.2.1\nRelease Notes, linked to in the References.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0172" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter" }, { "acknowledgments": [ { "names": [ "Stuart Douglas" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2014-0018", "discovery_date": "2014-01-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1052783" } ], "notes": [ { "category": "description", "text": "In Red Hat JBoss Enterprise Application Platform, when running under a security manager, it was possible for deployed code to get access to the Modular Service Container (MSC) service registry without any permission checks. This could allow malicious deployments to modify the internal state of the server in various ways.", "title": "Vulnerability description" }, { "category": "summary", "text": "jboss-as-server: Unchecked access to MSC Service Registry under JSM", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0018" }, { "category": "external", "summary": "RHBZ#1052783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1052783" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0018", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0018" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0018", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0018" } ], "release_date": "2014-01-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-02-13T18:33:26+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting Red Hat JBoss Enterprise Application Platform installation and\ndeployed applications.\n\nFor more details, refer to the JBoss Enterprise Application Platform 6.2.1\nRelease Notes, linked to in the References.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0172" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.2" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jboss-as-server: Unchecked access to MSC Service Registry under JSM" } ] }
rhsa-2014_0452
Vulnerability from csaf_redhat
Published
2014-04-30 18:49
Modified
2024-11-05 18:23
Summary
Red Hat Security Advisory: Fuse ESB Enterprise/Fuse MQ Enterprise 7.1.0 update
Notes
Topic
Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P3 (Patch 3 on Rollup Patch 1),
which addresses several security issues and contains multiple bug fixes, is
now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
Fuse ESB Enterprise is an integration platform based on Apache ServiceMix.
Fuse MQ Enterprise, based on Apache ActiveMQ, is a standards-compliant
messaging system that is tailored for use in mission critical applications.
This release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P3 is an update
to Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes
various bug fixes, which are listed in the README file included with the
patch files.
The following security issues are also addressed with this release:
It was found that XStream could deserialize arbitrary user-supplied XML
content, representing objects of any type. A remote attacker able to pass
XML to XStream could use this flaw to perform a variety of attacks,
including remote code execution in the context of the server running the
XStream application. (CVE-2013-7285)
It was found that the Apache Camel XSLT component allowed XSL stylesheets
to call external Java methods. A remote attacker able to submit messages to
a Camel route could use this flaw to perform arbitrary remote code
execution in the context of the Camel server process. (CVE-2014-0003)
It was found that the ParserPool and Decrypter classes in the OpenSAML Java
implementation resolved external entities, permitting XML External Entity
(XXE) attacks. A remote attacker could use this flaw to read files
accessible to the user running the application server and, potentially,
perform other more advanced XXE attacks. (CVE-2013-6440)
It was found that the Apache Camel XSLT component would resolve entities in
XML messages when transforming them using an XSLT route. A remote attacker
able to submit messages to an XSLT Camel route could use this flaw to read
files accessible to the user running the application server and,
potentially, perform other more advanced XXE attacks. (CVE-2014-0002)
A denial of service flaw was found in the way Apache Commons FileUpload
handled small-sized buffers used by MultipartStream. A remote attacker
could use this flaw to create a malformed Content-Type header for a
multipart request, causing Apache Commons FileUpload to enter an infinite
loop when processing such an incoming request. (CVE-2014-0050)
The CVE-2014-0002 and CVE-2014-0003 issues were discovered by David Jorm of
the Red Hat Security Response Team, and the CVE-2013-6440 issue was
discovered by David Illsley, Ron Gutierrez of Gotham Digital Science, and
David Jorm of the Red Hat Security Response Team.
All users of Fuse ESB Enterprise/MQ Enterprise 7.1.0 as provided from the
Red Hat Customer Portal are advised to upgrade to Fuse ESB Enterprise/MQ
Enterprise 7.1.0 R1 P3.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P3 (Patch 3 on Rollup Patch 1),\nwhich addresses several security issues and contains multiple bug fixes, is\nnow available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Fuse ESB Enterprise is an integration platform based on Apache ServiceMix.\nFuse MQ Enterprise, based on Apache ActiveMQ, is a standards-compliant\nmessaging system that is tailored for use in mission critical applications.\n\nThis release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P3 is an update\nto Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes\nvarious bug fixes, which are listed in the README file included with the\npatch files.\n\nThe following security issues are also addressed with this release:\n\nIt was found that XStream could deserialize arbitrary user-supplied XML\ncontent, representing objects of any type. A remote attacker able to pass\nXML to XStream could use this flaw to perform a variety of attacks,\nincluding remote code execution in the context of the server running the\nXStream application. (CVE-2013-7285)\n\nIt was found that the Apache Camel XSLT component allowed XSL stylesheets\nto call external Java methods. A remote attacker able to submit messages to\na Camel route could use this flaw to perform arbitrary remote code\nexecution in the context of the Camel server process. (CVE-2014-0003)\n\nIt was found that the ParserPool and Decrypter classes in the OpenSAML Java\nimplementation resolved external entities, permitting XML External Entity\n(XXE) attacks. A remote attacker could use this flaw to read files\naccessible to the user running the application server and, potentially,\nperform other more advanced XXE attacks. (CVE-2013-6440)\n\nIt was found that the Apache Camel XSLT component would resolve entities in\nXML messages when transforming them using an XSLT route. A remote attacker\nable to submit messages to an XSLT Camel route could use this flaw to read\nfiles accessible to the user running the application server and,\npotentially, perform other more advanced XXE attacks. (CVE-2014-0002)\n\nA denial of service flaw was found in the way Apache Commons FileUpload\nhandled small-sized buffers used by MultipartStream. A remote attacker\ncould use this flaw to create a malformed Content-Type header for a\nmultipart request, causing Apache Commons FileUpload to enter an infinite\nloop when processing such an incoming request. (CVE-2014-0050)\n\nThe CVE-2014-0002 and CVE-2014-0003 issues were discovered by David Jorm of\nthe Red Hat Security Response Team, and the CVE-2013-6440 issue was\ndiscovered by David Illsley, Ron Gutierrez of Gotham Digital Science, and\nDavid Jorm of the Red Hat Security Response Team.\n\nAll users of Fuse ESB Enterprise/MQ Enterprise 7.1.0 as provided from the\nRed Hat Customer Portal are advised to upgrade to Fuse ESB Enterprise/MQ\nEnterprise 7.1.0 R1 P3.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2014:0452", "url": "https://access.redhat.com/errata/RHSA-2014:0452" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=fuse.esb.enterprise\u0026downloadType=securityPatches\u0026version=7.1.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=fuse.esb.enterprise\u0026downloadType=securityPatches\u0026version=7.1.0" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=fuse.mq.enterprise\u0026downloadType=securityPatches\u0026version=7.1.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=fuse.mq.enterprise\u0026downloadType=securityPatches\u0026version=7.1.0" }, { "category": "external", "summary": "1043332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043332" }, { "category": "external", "summary": "1049675", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049675" }, { "category": "external", "summary": "1049692", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049692" }, { "category": "external", "summary": "1051277", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051277" }, { "category": "external", "summary": "1062337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062337" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_0452.json" } ], "title": "Red Hat Security Advisory: Fuse ESB Enterprise/Fuse MQ Enterprise 7.1.0 update", "tracking": { "current_release_date": "2024-11-05T18:23:39+00:00", "generator": { "date": "2024-11-05T18:23:39+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2014:0452", "initial_release_date": "2014-04-30T18:49:57+00:00", "revision_history": [ { "date": "2014-04-30T18:49:57+00:00", "number": "1", "summary": "Initial version" }, { "date": "2014-04-30T18:49:57+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T18:23:39+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Fuse ESB Enterprise 7.1.0", "product": { "name": "Fuse ESB Enterprise 7.1.0", "product_id": "Fuse ESB Enterprise 7.1.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:fuse_esb_enterprise:7.1.0" } } }, { "category": "product_name", "name": "Fuse Management Console 7.1.0", "product": { "name": "Fuse Management Console 7.1.0", "product_id": "Fuse Management Console 7.1.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:fuse_management_console:7.1.0" } } }, { "category": "product_name", "name": "Fuse MQ Enterprise 7.1.0", "product": { "name": "Fuse MQ Enterprise 7.1.0", "product_id": "Fuse MQ Enterprise 7.1.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:fuse_mq_enterprise:7.1.0" } } } ], "category": "product_family", "name": "Fuse Enterprise Middleware" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "David Illsley" ] }, { "names": [ "Ron Gutierrez" ], "organization": "Gotham Digital Science" }, { "names": [ "David Jorm" ], "organization": "Red Hat Security Response Team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2013-6440", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2013-12-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1043332" } ], "notes": [ { "category": "description", "text": "It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity (XXE) attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Fuse ESB Enterprise 7.1.0", "Fuse MQ Enterprise 7.1.0", "Fuse Management Console 7.1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-6440" }, { "category": "external", "summary": "RHBZ#1043332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-6440", "url": "https://www.cve.org/CVERecord?id=CVE-2013-6440" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-6440", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6440" }, { "category": "external", "summary": "http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml", "url": "http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml" } ], "release_date": "2013-12-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-30T18:49:57+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Fuse ESB Enterprise 7.1.0", "Fuse MQ Enterprise 7.1.0", "Fuse Management Console 7.1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0452" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Fuse ESB Enterprise 7.1.0", "Fuse MQ Enterprise 7.1.0", "Fuse Management Console 7.1.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter" }, { "cve": "CVE-2013-7285", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2013-12-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1051277" } ], "notes": [ { "category": "description", "text": "It was found that XStream could deserialize arbitrary user-supplied XML content, representing objects of any type. A remote attacker able to pass XML to XStream could use this flaw to perform a variety of attacks, including remote code execution in the context of the server running the XStream application.", "title": "Vulnerability description" }, { "category": "summary", "text": "XStream: remote code execution due to insecure XML deserialization", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Fuse ESB Enterprise 7.1.0", "Fuse MQ Enterprise 7.1.0", "Fuse Management Console 7.1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-7285" }, { "category": "external", "summary": "RHBZ#1051277", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051277" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-7285", "url": "https://www.cve.org/CVERecord?id=CVE-2013-7285" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-7285", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7285" }, { "category": "external", "summary": "http://blog.diniscruz.com/2013/12/xstream-remote-code-execution-exploit.html", "url": "http://blog.diniscruz.com/2013/12/xstream-remote-code-execution-exploit.html" }, { "category": "external", "summary": "http://xstream.codehaus.org/security.html", "url": "http://xstream.codehaus.org/security.html" }, { "category": "external", "summary": "https://securityblog.redhat.com/2014/01/23/java-deserialization-flaws-part-2-xml-deserialization/", "url": "https://securityblog.redhat.com/2014/01/23/java-deserialization-flaws-part-2-xml-deserialization/" } ], "release_date": "2013-12-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-30T18:49:57+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Fuse ESB Enterprise 7.1.0", "Fuse MQ Enterprise 7.1.0", "Fuse Management Console 7.1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0452" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "Fuse ESB Enterprise 7.1.0", "Fuse MQ Enterprise 7.1.0", "Fuse Management Console 7.1.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "XStream: remote code execution due to insecure XML deserialization" }, { "acknowledgments": [ { "names": [ "David Jorm" ], "organization": "Red Hat Security Response Team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2014-0002", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2014-01-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1049675" } ], "notes": [ { "category": "description", "text": "The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.", "title": "Vulnerability description" }, { "category": "summary", "text": "Camel: XML eXternal Entity (XXE) flaw in XSLT component", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Fuse ESB Enterprise 7.1.0", "Fuse MQ Enterprise 7.1.0", "Fuse Management Console 7.1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0002" }, { "category": "external", "summary": "RHBZ#1049675", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049675" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0002", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0002" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0002", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0002" }, { "category": "external", "summary": "http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc", "url": "http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc" } ], "release_date": "2014-02-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-30T18:49:57+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Fuse ESB Enterprise 7.1.0", "Fuse MQ Enterprise 7.1.0", "Fuse Management Console 7.1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0452" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Fuse ESB Enterprise 7.1.0", "Fuse MQ Enterprise 7.1.0", "Fuse Management Console 7.1.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Camel: XML eXternal Entity (XXE) flaw in XSLT component" }, { "acknowledgments": [ { "names": [ "David Jorm" ], "organization": "Red Hat Security Response Team", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2014-0003", "discovery_date": "2014-01-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1049692" } ], "notes": [ { "category": "description", "text": "The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.", "title": "Vulnerability description" }, { "category": "summary", "text": "Camel: remote code execution via XSL", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Fuse ESB Enterprise 7.1.0", "Fuse MQ Enterprise 7.1.0", "Fuse Management Console 7.1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0003" }, { "category": "external", "summary": "RHBZ#1049692", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049692" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0003", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0003" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0003", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0003" }, { "category": "external", "summary": "http://camel.apache.org/security-advisories.data/CVE-2014-0003.txt.asc", "url": "http://camel.apache.org/security-advisories.data/CVE-2014-0003.txt.asc" } ], "release_date": "2014-02-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-30T18:49:57+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Fuse ESB Enterprise 7.1.0", "Fuse MQ Enterprise 7.1.0", "Fuse Management Console 7.1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0452" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "products": [ "Fuse ESB Enterprise 7.1.0", "Fuse MQ Enterprise 7.1.0", "Fuse Management Console 7.1.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "Camel: remote code execution via XSL" }, { "cve": "CVE-2014-0050", "discovery_date": "2014-02-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1062337" } ], "notes": [ { "category": "description", "text": "A denial of service flaw was found in the way Apache Commons FileUpload, which is embedded in Tomcat and JBoss Web, handled small-sized buffers used by MultipartStream. A remote attacker could use this flaw to create a malformed Content-Type header for a multipart request, causing Tomcat to enter an infinite loop when processing such an incoming request.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Fuse ESB Enterprise 7.1.0", "Fuse MQ Enterprise 7.1.0", "Fuse Management Console 7.1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2014-0050" }, { "category": "external", "summary": "RHBZ#1062337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062337" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0050", "url": "https://www.cve.org/CVERecord?id=CVE-2014-0050" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0050", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0050" } ], "release_date": "2014-02-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2014-04-30T18:49:57+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Fuse ESB Enterprise 7.1.0", "Fuse MQ Enterprise 7.1.0", "Fuse Management Console 7.1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2014:0452" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "Fuse ESB Enterprise 7.1.0", "Fuse MQ Enterprise 7.1.0", "Fuse Management Console 7.1.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream" } ] }
gsd-2013-6440
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2013-6440", "description": "The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.", "id": "GSD-2013-6440", "references": [ "https://access.redhat.com/errata/RHSA-2014:1995", "https://access.redhat.com/errata/RHSA-2014:1291", "https://access.redhat.com/errata/RHSA-2014:1290", "https://access.redhat.com/errata/RHSA-2014:0452", "https://access.redhat.com/errata/RHSA-2014:0195", "https://access.redhat.com/errata/RHSA-2014:0172", "https://access.redhat.com/errata/RHSA-2014:0171", "https://access.redhat.com/errata/RHSA-2014:0170" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2013-6440" ], "details": "The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.", "id": "GSD-2013-6440", "modified": "2023-12-13T01:22:18.933875Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6440", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_affected": "=", "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml", "refsource": "MISC", "url": "http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml" }, { "name": "http://rhn.redhat.com/errata/RHSA-2014-0170.html", "refsource": "MISC", "url": "http://rhn.redhat.com/errata/RHSA-2014-0170.html" }, { "name": "http://rhn.redhat.com/errata/RHSA-2014-0171.html", "refsource": "MISC", "url": "http://rhn.redhat.com/errata/RHSA-2014-0171.html" }, { "name": "http://rhn.redhat.com/errata/RHSA-2014-0172.html", "refsource": "MISC", "url": "http://rhn.redhat.com/errata/RHSA-2014-0172.html" }, { "name": "http://rhn.redhat.com/errata/RHSA-2014-0195.html", "refsource": "MISC", "url": "http://rhn.redhat.com/errata/RHSA-2014-0195.html" }, { "name": "http://shibboleth.net/community/advisories/secadv_20131213.txt", "refsource": "MISC", "url": "http://shibboleth.net/community/advisories/secadv_20131213.txt" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1043332", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043332" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "(,2.6.1)", "affected_versions": "All versions before 2.6.1", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "cwe_ids": [ "CWE-1035", "CWE-200", "CWE-937" ], "date": "2022-07-07", "description": "The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.", "fixed_versions": [ "2.6.1" ], "identifier": "CVE-2013-6440", "identifiers": [ "GHSA-v723-58jv-2qc4", "CVE-2013-6440" ], "not_impacted": "All versions starting from 2.6.1", "package_slug": "maven/org.opensaml/opensaml", "pubdate": "2022-05-13", "solution": "Upgrade to version 2.6.1 or above.", "title": "Exposure of Sensitive Information to an Unauthorized Actor", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2013-6440", "https://bugzilla.redhat.com/show_bug.cgi?id=1043332", "https://www.oracle.com/security-alerts/cpujan2022.html", "http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml", "http://rhn.redhat.com/errata/RHSA-2014-0170.html", "http://rhn.redhat.com/errata/RHSA-2014-0171.html", "http://rhn.redhat.com/errata/RHSA-2014-0172.html", "http://rhn.redhat.com/errata/RHSA-2014-0195.html", "http://shibboleth.net/community/advisories/secadv_20131213.txt", "https://github.com/advisories/GHSA-v723-58jv-2qc4" ], "uuid": "959662c2-168f-4154-954e-73be191ad8cb" }, { "affected_range": "(,1.4.0]", "affected_versions": "All versions up to 1.4.0", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "cwe_ids": [ "CWE-1035", "CWE-200", "CWE-937" ], "date": "2014-03-05", "description": "The `BasicParserPool`, `StaticBasicParserPool`, XML Decrypter, and SAML Decrypter in this package set the expandEntityReferences property to `true`, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.", "fixed_versions": [ "1.4.1" ], "identifier": "CVE-2013-6440", "identifiers": [ "CVE-2013-6440" ], "not_impacted": "All versions after 1.4.0", "package_slug": "maven/org.opensaml/xmltooling", "pubdate": "2014-02-14", "solution": "Upgrade to version 1.4.1 or above.", "title": "XML eXternal Entity (XXE) flaw in ParserPool and Decrypter", "urls": [ "https://bugzilla.redhat.com/CVE-2013-6440" ], "uuid": "3d5e6ec6-900a-4f48-91c4-dfc3cf398529" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:internet2:opensaml:2.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:internet2:opensaml:2.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:shibboleth:opensaml:2.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:shibboleth:opensaml:2.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:shibboleth:opensaml:2.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:shibboleth:opensaml:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.6.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:shibboleth:opensaml:2.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:shibboleth:opensaml:2.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:internet2:opensaml:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:shibboleth:opensaml:2.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:shibboleth:opensaml:2.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:shibboleth:opensaml:2.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6440" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-200" } ] } ] }, "references": { "reference_data": [ { "name": "http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml", "refsource": "MISC", "tags": [], "url": "http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml" }, { "name": "RHSA-2014:0170", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2014-0170.html" }, { "name": "RHSA-2014:0171", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2014-0171.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1043332", "refsource": "CONFIRM", "tags": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1043332" }, { "name": "RHSA-2014:0172", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2014-0172.html" }, { "name": "http://shibboleth.net/community/advisories/secadv_20131213.txt", "refsource": "CONFIRM", "tags": [], "url": "http://shibboleth.net/community/advisories/secadv_20131213.txt" }, { "name": "RHSA-2014:0195", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2014-0195.html" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "tags": [], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false } }, "lastModifiedDate": "2022-02-07T16:15Z", "publishedDate": "2014-02-14T15:55Z" } } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.